Microsoft Audit Blog
06/19/2023
16 min
0

Microsoft Audit: Complete Overview

Microsoft audits often sound scary to companies, regardless of their size and sector. The thought of having Microsoft auditors review your software and licensing policies can be intimidating and daunting. However, being prepared for an audit is crucial to prevent fees, penalties and damage to your company’s reputation. In this article, we provide the information and strategies you need to pass a Microsoft audit successfully. We will go over the fundamentals of Microsoft licensing, as well as the audit process and how to prepare for and survive an audit.

 

Microsoft Audit: Key Takeaways

  • A Microsoft audit is a general check-up that Microsoft conducts on a company’s devices and software to make sure that they are being used legally. The audit is usually conducted by an outside auditor hired by Microsoft. The auditors are experts in Microsoft licensing and software. If they find any problems during the audit, they might ask your company to pay for more licences, deal with certain consequences or take legal action.
  • A Microsoft audit can happen to any company that uses Microsoft software. Most of the time, companies are selected for an audit at random, which is why the timing of a Microsoft audit is unpredictable and varies. However, companies are typically given a 30-day notice before an audit takes place.
  • There are several consequences for not complying or failing the audit, such as penalties, bad relationship with Microsoft, legal actions, damaged reputation and many others that can harm your company.
  • The audit process might be overwhelming, however, if you prepare beforehand by, for example, organising all the necessary documents and information for the audit or performing regular internal audits, you will deal with the Microsoft audit easily and without any worries.
  • Don’t be overly afraid! The Microsoft Audit process can be intimidating, however if you fully cooperate with the auditors and you legally obtain your licence, there won’t be any issues or consequences for you.

Essentially, Microsoft audits are a normal check-up that Microsoft performs on a company’s devices and software to ensure that they are being used legally. When a company purchases software from Microsoft, it is required to obtain a licence for each person or device that uses it. In other words, a licence serves as a legal permission slip that authorises the user to use the software. During an audit, Microsoft closely inspects the number of licences that the company has for all the software its employees use and the manner in which they are using them. For instance, if a company has 100 employees and each one of them is using Microsoft Office, the company must obtain 100 Microsoft Office licences. If during an audit it turns out that there are fewer than 100 licences, this indicates that the company has been using the software illegally.

A Microsoft audit can happen to any company, at any time. If your company uses Microsoft products, there is a high chance of receiving an unexpected email announcing an official Microsoft audit. Companies are selected randomly as part of Microsoft's regular compliance monitoring process; however, there are some cues that prompt Microsoft to audit a company. Microsoft may conduct an audit if it has concerns that a company is not complying with its licensing agreements or is using its software illegally. This can happen when Microsoft receives reports of software piracy, notices unusual patterns in a company’s software usage, or suspects that a company is not accurately reporting its licence usage. Another reason for Microsoft to conduct an audit is to verify a company’s licence usage when it purchases new licences or renews existing ones. Microsoft does this to ensure that the company purchases the correct number of licences for its needs and is not under- or over-licensing its software. Lastly, Microsoft may also audit a company that recently merged with or acquired another enterprise, to ensure that the companies are not unintentionally using unlicensed software or under-licensing due to confusion.

The Process of Microsoft Audit

Not a lot is known about why and how an audit happens. There are also multiple sources with contradictory information. Below you can find the stages of a typical Microsoft audit.

Audit Letter & Kick-Off Meeting

Microsoft will start by sending an official audit letter to your company, notifying you of the upcoming audit and its purpose. You will then be asked to schedule a kick-off meeting to discuss it further. The kick-off meeting typically includes your representative personnel or department and the auditors. In rare cases, Microsoft may request to be included. Your company and the auditors will discuss the purpose and the objective of the audit. The auditors will inform you about timelines, the process of the audit, the required data, expected outcomes and any other relevant information.

Data Collection

The auditor will ask the company to provide as much data and relevant information as possible. Data collection can also involve an on-site visit by the auditor, to ensure that all of the data provided is valid and accurate. The auditor will also collect any additional information or data resulting from the visit.

Draft Reports

After all the data has been gathered, the auditors will present the company with a report. The report highlights the scope of the audit, the findings, recommendations, areas to improve and any relevant backgrounds. The reports often have some misinterpretations, errors, and assumptions which the company needs to validate and prove otherwise. This is usually the time for questions and clarifications from the company to their auditor regarding the report. Therefore it is crucial for the company to carefully review the draft, defend their position, and to provide any additional data or evidence to the auditors.

Final Audit Report

The auditors will come up with a final audit report after reviewing the company’s ‘defence’ against the allegation. The auditor will then schedule a meeting to present the final report, usually in the form of an Excel sheet listing the licences along with a summary of the situation. At this point the auditor considers their job finished, which leaves the company and Microsoft to go over the final report and negotiate the outcome. This can result in the company being on good terms with Microsoft, or in the company having to pay penalties if the report came out negative. However, most of the time Microsoft’s objective is not to penalise a company. Instead, Microsoft values future growth. This phase should be seen as an opportunity to build a relationship with Microsoft.


What do Auditors look for during an Audit?

After learning the process of an audit, you will likely realise that it is not as intimidating as you thought it might be. However, before we go further into what auditors look at during an audit, it is crucial for a company to remember these important things:

  • The auditor’s role is purely to deal with data. Therefore, if your company has any business arguments for its licensing, it is best to save them for the final negotiations with Microsoft.
  • In most cases, the auditor will assume you are not licensing correctly in order to remain as unbiased as possible. If the auditor encounters any ambiguity regarding the legitimacy of your software, for example, it is to be expected that they will side with Microsoft.
  • Another thing to remember is that the auditor will not discuss any financial figures or fines with your company, since that is Microsoft’s job.
  • The final report that your company receives from the auditors is not Microsoft’s final decision. As a company, you can defend any accusation and negotiate with Microsoft by providing the missing context or argumentation about your licensing choices.

During a Microsoft audit, auditors usually examine specific areas to ensure compliance with Microsoft’s terms and conditions. Here are some of the key features that auditors could take into account:

  • Copyright Infringement
  • Breach of contract
  • Proof of purchase for all the software installed or accessed (Invoices or receipts)
  • Product keys
  • Volume licensing agreement

As already briefly mentioned, auditors take a cautious approach by initially assuming that your company is not compliant until proven otherwise. By assuming non-compliance, auditors can maintain a thorough and unbiased approach throughout the audit. Any attempt to conceal illegal usage may result in worse problems, so it’s better for a company to stay compliant, and to discuss any arguments or lead negotiations with Microsoft after the final reports from the auditors.


Preparing for and Surviving an Audit

A Microsoft audit may seem complicated to companies that haven't been audited before. If this is your company's first audit, it is important to prepare beforehand, and knowing what to expect during an audit is a must. Here are the key points when preparing for a Microsoft audit:

  • Inform your company’s stakeholders about the audit request from Microsoft.
  • Prepare a team or an employee to work on the audit, ensure that relevant members are appointed for the audit such as IT departments or procurement officers.
  • Keep all of your documents and paperwork organised and available to the auditors.
  • Carefully count all physical servers, virtual machines, virtual servers and the number of User / Device CALs of the company.
  • Keep track of all devices that use Microsoft products, including laptops and mobile devices. Also list how many people are using and have access to the SQL databases and other server-based products.
  • Train your legal team on the license matter so that they get familiar with Microsoft’s legal guidelines.
  • Create a clear guideline concerning the internal resources needed, timeline and potential effects on the company’s ongoing operations.
  • Engage with legal and IT experts to seek assistance and guidance on licensing challenges, agreements and management.
  • Perform internal audits to help identify any potential compliance issues; done correctly, they can also be a saving opportunity. However, an internal audit doesn’t count as an official Microsoft audit. It is more like a trial run of the actual audit. Internal audits aim to give an overview of what is going to happen during an actual audit and serve as an indicator of what needs to be fixed to be compliant with Microsoft terms and agreements.

Given the experience of our customers who have passed an official Microsoft audit, we are proud to say that we are reasonably familiar with the process of Microsoft audits. Our customers' experiences indicate that providing a valid proof of purchase is sufficient to pass an audit. At Softtrader, we provide volume licences with the respective documents. Please note that Microsoft recognizes Softtrader's invoice as a valid proof of purchase.

Reasons why Companies Fail an Audit

There are multiple reasons for why a company would fail a Microsoft audit. The most common one is companies not knowing or understanding the licensing agreement. Another reason is not providing an invoice or other proof of purchase, mistakes in the reporting and different license interpretations. Below we go over each of these reasons and how to avoid them.

Lack of knowledge in the agreement

Lack of knowledge in the license agreement is a frequent problem when it comes to companies defending their license accusation from the auditors. Therefore, it is crucial for companies to understand their license agreement clearly. The auditors might not be aware of the context and the specifics to your license agreement, which could lead to misinterpretations. Although the auditors might be aware of the general understanding of the company’s industry and business, they may lack specific knowledge about the company’s background or any additional circumstances. Therefore, to ensure the compliance of the auditors, it is the company’s responsibility to provide the necessary documents and information to support their claims.

Incomplete entitlement data

Many companies fail the Microsoft audit because they are missing entitlement data. Here is the list of private proof-of-entitlement data:

  • OEM (Original Equipment Manufacturer) License
  • ESD (Electronic Software Distribution) Licenses
  • FPP (Full Packaged Product) Licenses
  • MSDN Subscriptions
  • Software Assurance Licenses
  • Agreement for Transferred Licenses
  • Microsoft License Statement

Keep in mind that you don’t need to have all of the above documents; which ones you need depends on the software licences you purchased. What matters is that you can provide the auditors with valid proof of purchase or legal documents that entitle you to use the software.

Mistake in the calculation

Auditors often use Excel to gather their data and enter their calculations. Auditors are also human, so they might make mistakes in a formula or calculation. Even a simple calculation mistake can affect Microsoft's decisions and can cause harm to your company. Therefore, it is important that you carefully and thoroughly check the data in all reports handed to you by the auditors.

Different interpretation in licensing

Each company could use the licenses in a different manner, which is why auditors are not always familiar with the purpose behind a specific licensing. Just because the auditors come from a big company, doesn’t mean that they are more experienced in licensing or fully understand the context of your licence usage. Therefore it is your job to understand these and to provide the necessary explanation.

Issues in inventory data

An issue in your company’s inventory data might put your company on the bad side of the auditors. Therefore it is important for a company to avoid these issues in order to comply and pass a Microsoft audit.

  • Unorganized Active Directory data
  • Outdated user and computer records in Active Directory
  • Low-quality and incomplete inventory data
  • Failure to declare disaster recovery and SQL passive instances
  • Unaccounted development and test environments
  • Reliance on third-party licenses
  • Dependency on OEM and ISV licenses

We understand that a Microsoft audit process can raise questions and concerns to our clients. At Softtrader, our team is available to provide the necessary information and address any concerns you may have. We are always open to any questions, inquiries about the audit, required documents or the delivery of licenses. Click here to contact us and consult with us.


Potential Consequences for failing Microsoft audit

If a company fails to comply and prove the legality of their software usage to Microsoft, there are several consequences that can significantly impact a company. Here is the list of potential consequences for failing to comply with Microsoft Audit:

Fines and Penalties

If a company fails to comply with the regulations, it may be subject to hefty fines and penalties. These fines can range from hundreds to thousands of euros per licence that a company has illegally obtained.

Legal Action

Microsoft can take legal actions against companies that illegally use their software. This can result in costly settlements, damages, and legal fees. Not only that, legal actions tend to be very time-consuming and expensive, while often resulting in negative publicity to the company.

Increased Licensing Costs

A company may be required to purchase additional licenses to become compliant if an audit reveals that the company is under-licensing its software. In case the company has been under-licensing their software for a long time, this can result in significant additional costs, which then can have a major impact on the company’s budgets and finances.

Damaged Reputation

Failing a Microsoft audit can also damage a company’s reputation. This can then result in difficulty in partnering and doing business with other companies, negative publicity, and also public scrutiny. This can be difficult to overcome and can have a long-lasting effect on the company’s brand and image.

Loss of Access and Support

Lastly, failing a Microsoft audit can result in the loss of access to support and updates. This can then lead to difficulties in software maintenance and can result in security vulnerabilities. Without access to support and updates, companies risk losing important data, which would then hinder their operations.

Although the consequences may sound agitating and intimidating, don’t be overly afraid! As long as your company complies with Microsoft and does not use the software and licenses illegally, you are not likely to face these consequences. Worst case scenario, if you are accused of any illegal actions, as long as you can show proof or become compliant by agreeing to pay for additional licences, you will not have to deal with any consequences. With the right information and strategies, you can survive and successfully pass the Microsoft audit. Find below how to best prepare for and what to do during a Microsoft audit and what.


Key Tips & Strategies to pass a Microsoft Audit

  • During the kick-off meeting, listen carefully and take notes on any relevant information.
  • Take control and be in charge of the timelines of the audit to minimise disruptions to the company’s operations.
  • Avoid sharing too much information with the auditor. Only share what’s necessary; you can always share additional information later.
  • Always review the audit report as there may be possible misunderstanding or interpretations of the results. There could also be calculation mistakes and data errors, so always carefully review the report and provide evidence to defend any incorrect claims.
  • Consult or seek assistance with professionals to avoid any mistakes that could badly impact the results of the audit.
  • Perform internal or regular audits to ensure certainty ahead of an official Microsoft audit.
  • Continuously monitor the compliance of any purchased and installed software with the license entitlement documents.
  • Gather a team of experts or personnel for the audit. Ensure that all members are relevant and have expertise in licensing to defend the company and ensure that the audit process runs smoothly.
  • Organize all the necessary information and documents regarding the software licenses so that when the time comes, the company is ready to deal with the official Microsoft audit.


Understanding Microsoft Licensing

Types of Microsoft Licenses

Software is not a physical product sold like cars or computers. Software is intellectual property and is protected by copyright. The owner of a piece of software grants others permission to use it: the license. The content and scope of a license is at the owner's discretion, but in practice a few standard forms are often used. A well-known example is the EULA or End User License Agreement: a license that allows use for internal purposes, but not resale. Another example is the OEM license, under which one may bundle software with a computer and sell them together. In addition, there are other license forms such as Retail, Open License volume licenses or, for example, SPLA (rental). The most commonly sold licenses are OEM, Retail and volume licenses. Read more about how to choose between retail or volume licenses here to gain better insight into which type of license suits you best.

Besides deciding which licensing model fits your company’s needs best, you must also find a trusted distributor to help you license correctly. If you are looking for perpetual licenses, Softtrader is specialised in OLP Volume and Retail Microsoft licenses. Through a decade of experience in this market, Softtrader provides every client with audit-proof Microsoft licenses. Check out our full assortment of new and pre-owned software licences.

Many licenses for standard software stipulate that after paying a one-time fee, one may use the software in principle in perpetuity. In its ruling C-128/11, the highest European court, the European Court of Justice, ruled that such licenses constitute a "sale" of the software. This means that one may resell these licenses to third parties: second-hand licenses are legal.

Softtrader was founded after the European Court of Justice ruling. Since the ruling of the Court of Justice, standard software licenses are in principle eligible to be sold and resold. However, the license must meet a number of requirements. To prevent the owner of the software (e.g. Microsoft) from raising a valid claim against the use of the software license, it is necessary to examine for each license whether it is freely tradable. If it is found to be freely tradable, the copyright holder cannot act against the purchase and sale of these licenses, or against the taking into use of the software to which the license relates. For a valid transfer, the following requirements must be met:

  1. The license must have originally been put into circulation by the owner of the software in the European Union. This means that licenses sold by Microsoft outside the EU, for example, cannot be validly transferred.
  2. The software (and thus the software license) must have been essentially "sold" by the rights holder. This means that there must have been a one-time reasonable remuneration in return, corresponding to the economic value of the software. Whether there is a reasonable compensation cannot be said in general terms, but the guiding principle must be that it is obviously not a matter of "renting" software.
  3. The license must have been granted to the first acquirer without time limitation. Therefore, a license to which a maximum duration/end date is attached may not be resold.
  4. Before transferring the license, the previous licensee must disable his copy of the software to prevent multiple copies of the software from circulating at the same time.

If all the above requirements are met, the license may be resold, even if the rights holder has stated in the license conditions that resale is not allowed.

Is registration in Microsoft's VLSC required?

The use of pre-owned licenses does not require registration with the manufacturer. Registration with the manufacturer is neither technically necessary nor mandatory. In addition, you have no obligation to provide information to the manufacturer.

All of our software licenses comply with all the requirements of the European Court of Justice. Therefore, our pre-owned software licenses are legal and audit-proof. See our wide range of Microsoft licenses.


Passing a Microsoft Audit with Pre-Owned Software Licenses

Another common question we receive is whether our pre-owned software licenses are audit-proof. The answer is yes. Softtrader's procurement policy is set up to act only in accordance with the guidelines and conditions as endorsed by the European Court of Justice in its ruling of July 3, 2012 C-128/11. Softtrader guarantees that the licenses delivered can be used for the software in question. Like a new license, the scope of the Software License is limited to the license terms. This is because the license right is based on the provisions of copyright law and the legally binding license terms of the copyright owner. Once the license is delivered digitally, you will receive a license document with all necessary information. In the case of an audit, the proof of purchase (invoice) is a legally conclusive transfer of the licenses delivered by Softtrader.


Conclusion

Microsoft Audit is not as intimidating and frightening as you may think. The information and guidelines in this article can help you avoid problems during an audit. Below you can also find a few important tips from this article:

  • Understand Microsoft Licensing & the Audit Process
  • Prepare before the audit
  • Avoid common mistakes that may fail the audit
  • Stay calm & collected during the audit to avoid any misunderstanding and confusion
  • Organise all the necessary documents and information regarding the audit, such as your licence rights, valid proof of purchase, etc.

If you are still unsure and struggle with Microsoft licensing or the audit itself, we encourage you to seek professional assistance. Softtrader’s team is always happy to assist you and provide you with the required expertise when it comes to Microsoft audits and the correct licensing model.

Buy your audit-proof Microsoft software at Softtrader

If you are looking for affordable audit-proof Microsoft licences, Softtrader offers new and pre-owned software. With used licenses you can save up to 70% of the original price. All of our licenses are original and audit-proof. Furthermore, to ensure our clients’ security, all purchases with Softtrader are insured against damage claims. We provide all the necessary documents so that in case of an audit you can rest assured that it will not be a problem. Check our assortment of Retail and OLP Microsoft licenses.